CVE-2023-41443

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 18, 2023

Updated: Sep 20, 2023

CWE ID 89

Summary

CVE-2023-41443 is a recently disclosed SQL injection vulnerability affecting Novel-Plus version 4.1.0. An attacker can exploit this flaw by sending a maliciously crafted script as the sort parameter in the /sys/menu/list endpoint. Successful exploitation allows the attacker to execute arbitrary code remotely. This vulnerability poses a significant risk, particularly for organizations using Novel-Plus and could lead to unauthorized access, data theft, and system compromise. It is recommended that users of Novel-Plus upgrade to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sgI-7_
https://www.cve.org/CVERecord?id=CVE-2023-41443
https://nvd.nist.gov/vuln/detail/CVE-2023-41443

Back to Vulnerability Database

CVE-2023-41443

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations